Analysis

  • max time kernel
    29s
  • max time network
    36s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    24-08-2024 10:20

General

  • Target

    c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547.apk

  • Size

    312KB

  • MD5

    1285e688bb834e348023425ab4bbbfa5

  • SHA1

    605526f8ee8bb7150dbd2a4b90ab9ab5edabd7da

  • SHA256

    c18c5ca32b80d4b595500853e1899d03edbe954d1e79da14f167aa888918d547

  • SHA512

    6cf4ab3fa4222487731d7cc353b96db63129e9138092167abdb577f6cace82f4f7ffb0a992e9d76c30ae5b2a24f4c87a9bdcd767f30c52ee885ea1f5b2d5d258

  • SSDEEP

    6144:jam054ohSedp4p1znyG5RUMWjgZCoXJvasgcgN:jjWhCnnFHUs3pashgN

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • wcqrucdpzh.otstodvvsm.vrbnjqrsrr
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4938

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Android/data/.nomedia.Lucy

    Filesize

    16B

    MD5

    bd42cd13735e292889aeaf043738d15e

    SHA1

    2811cb68a43aa2bc8c76d113a4b3f2b5edb37b8d

    SHA256

    8e94a5b968157a3b143ba2d29cbf1b9981c176eaac274b3ce7aaa7850911f191

    SHA512

    f52e88ac338fecb2d2150aae9efbdae2f889b1d2572c45bca48bc4000eb28f8b8a6c176574f8e19152c0a015aba2d7420c35ec75a3e24f5cda0927772cdb3983

  • /storage/emulated/0/Android/data/.nomedia.Lucy

    Filesize

    16B

    MD5

    70c91d8e88c03c76ef0ac484d12bea91

    SHA1

    a88b73cf5369ce216215a05795157ef60b8472d9

    SHA256

    3677148382ff536e35aaacd6f6148b730bb373e20d67da9e6bf079fd71373b23

    SHA512

    4a83d9e0f212610d702f6e7af34e5a2c1462180a8b0c28025f2e35d6e77a6c75d785b43ae361ae5a7151379e1e8e0205e4624dfbf0b61be37fd9dd01a77724f2